|
|
|
|
# SECURITY WARNING: keep the secret key used in production secret!
|
|
|
|
|
# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄, 可使用命令生成
|
|
|
|
|
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
|
|
|
|
|
SECRET_KEY:
|
|
|
|
|
|
|
|
|
|
# SECURITY WARNING: keep the bootstrap token used in production secret!
|
|
|
|
|
# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制
|
|
|
|
|
BOOTSTRAP_TOKEN:
|
|
|
|
|
|
|
|
|
|
# Development env open this, when error occur display the full process track, Production disable it
|
|
|
|
|
# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
|
|
|
|
|
# DEBUG: true
|
|
|
|
|
|
|
|
|
|
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
|
|
|
|
|
# 日志级别
|
|
|
|
|
# LOG_LEVEL: DEBUG
|
|
|
|
|
# LOG_DIR:
|
|
|
|
|
|
|
|
|
|
# Session expiration setting, Default 24 hour, Also set expired on on browser close
|
|
|
|
|
# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期
|
|
|
|
|
# SESSION_COOKIE_AGE: 86400
|
|
|
|
|
# SESSION_EXPIRE_AT_BROWSER_CLOSE: false
|
|
|
|
|
|
|
|
|
|
# Database setting, Support sqlite3, mysql, postgres ....
|
|
|
|
|
# 数据库设置
|
|
|
|
|
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
|
|
|
|
|
|
|
|
|
|
# SQLite setting:
|
|
|
|
|
# 使用单文件sqlite数据库
|
|
|
|
|
# DB_ENGINE: sqlite3
|
|
|
|
|
# DB_NAME:
|
|
|
|
|
# MySQL or postgres setting like:
|
|
|
|
|
# 使用Mysql作为数据库
|
|
|
|
|
DB_ENGINE: mysql
|
|
|
|
|
DB_HOST: 127.0.0.1
|
|
|
|
|
DB_PORT: 3306
|
|
|
|
|
DB_USER: jumpserver
|
|
|
|
|
DB_PASSWORD:
|
|
|
|
|
DB_NAME: jumpserver
|
|
|
|
|
|
|
|
|
|
# When Django start it will bind this host and port
|
|
|
|
|
# ./manage.py runserver 127.0.0.1:8080
|
|
|
|
|
# 运行时绑定端口
|
|
|
|
|
HTTP_BIND_HOST: 0.0.0.0
|
|
|
|
|
HTTP_LISTEN_PORT: 8080
|
|
|
|
|
WS_LISTEN_PORT: 8070
|
|
|
|
|
|
|
|
|
|
# Use Redis as broker for celery and web socket
|
|
|
|
|
# Redis配置
|
|
|
|
|
REDIS_HOST: 127.0.0.1
|
|
|
|
|
REDIS_PORT: 6379
|
|
|
|
|
# REDIS_PASSWORD:
|
|
|
|
|
# REDIS_DB_CELERY: 3
|
|
|
|
|
# REDIS_DB_CACHE: 4
|
|
|
|
|
|
|
|
|
|
# Use OpenID Authorization
|
|
|
|
|
# 使用 OpenID 进行认证设置
|
|
|
|
|
#
|
|
|
|
|
# 配置方式1:
|
|
|
|
|
# 1. 版本 <= 1.5.8
|
|
|
|
|
# 2. OpenID Provider 是 Keycloak
|
|
|
|
|
#
|
|
|
|
|
# BASE_SITE_URL: http://localhost:8080
|
|
|
|
|
# AUTH_OPENID: False # True or False
|
|
|
|
|
# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
|
|
|
|
|
# AUTH_OPENID_REALM_NAME: realm-name
|
|
|
|
|
# AUTH_OPENID_CLIENT_ID: client-id
|
|
|
|
|
# AUTH_OPENID_CLIENT_SECRET: client-secret
|
|
|
|
|
# AUTH_OPENID_SHARE_SESSION: True
|
|
|
|
|
# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
|
|
|
|
|
#
|
|
|
|
|
# 配置方式2: (version >=1.5.8)
|
|
|
|
|
# 1. 版本 >= 1.5.8
|
|
|
|
|
# 2. 支持标准 OpenID Connect Provider
|
|
|
|
|
#
|
|
|
|
|
# AUTH_OPENID: False # True or False
|
|
|
|
|
# AUTH_OPENID_CLIENT_ID: client-id
|
|
|
|
|
# AUTH_OPENID_CLIENT_SECRET: client-secret
|
|
|
|
|
# AUTH_OPENID_SHARE_SESSION: True
|
|
|
|
|
# AUTH_OPENID_IGNORE_SSL_VERIFICATION: True
|
|
|
|
|
# AUTH_OPENID_PROVIDER_ENDPOINT: https://op-example.com/
|
|
|
|
|
# AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT: https://op-example.com/authorize
|
|
|
|
|
# AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT: https://op-example.com/token
|
|
|
|
|
# AUTH_OPENID_PROVIDER_JWKS_ENDPOINT: https://op-example.com/jwks
|
|
|
|
|
# AUTH_OPENID_PROVIDER_USERINFO_ENDPOINT: https://op-example.com/userinfo
|
|
|
|
|
# AUTH_OPENID_PROVIDER_END_SESSION_ENDPOINT: https://op-example.com/logout
|
|
|
|
|
# AUTH_OPENID_PROVIDER_SIGNATURE_ALG: HS256
|
|
|
|
|
# AUTH_OPENID_PROVIDER_SIGNATURE_KEY: None
|
|
|
|
|
# AUTH_OPENID_PROVIDER_CLAIMS_NAME: None
|
|
|
|
|
# AUTH_OPENID_PROVIDER_CLAIMS_USERNAME: None
|
|
|
|
|
# AUTH_OPENID_PROVIDER_CLAIMS_EMAIL: None
|
|
|
|
|
# AUTH_OPENID_SCOPES: "openid profile email"
|
|
|
|
|
# AUTH_OPENID_ID_TOKEN_MAX_AGE: 60
|
|
|
|
|
# AUTH_OPENID_ID_TOKEN_INCLUDE_USERINFO: True
|
|
|
|
|
# AUTH_OPENID_USE_STATE: True
|
|
|
|
|
# AUTH_OPENID_USE_NONCE: True
|
|
|
|
|
# AUTH_OPENID_ALWAYS_UPDATE_USER_INFORMATION: True
|
|
|
|
|
|
|
|
|
|
# Use Radius authorization
|
|
|
|
|
# 使用Radius来认证
|
|
|
|
|
# AUTH_RADIUS: false
|
|
|
|
|
# RADIUS_SERVER: localhost
|
|
|
|
|
# RADIUS_PORT: 1812
|
|
|
|
|
# RADIUS_SECRET:
|
|
|
|
|
|
|
|
|
|
# CAS 配置
|
|
|
|
|
# AUTH_CAS': False,
|
|
|
|
|
# CAS_SERVER_URL': "http://host/cas/",
|
|
|
|
|
# CAS_ROOT_PROXIED_AS': 'http://jumpserver-host:port',
|
|
|
|
|
# CAS_LOGOUT_COMPLETELY': True,
|
|
|
|
|
# CAS_VERSION': 3,
|
|
|
|
|
|
|
|
|
|
# LDAP/AD settings
|
|
|
|
|
# LDAP 搜索分页数量
|
|
|
|
|
# AUTH_LDAP_SEARCH_PAGED_SIZE: 1000
|
|
|
|
|
#
|
|
|
|
|
# 定时同步用户
|
|
|
|
|
# 启用 / 禁用
|
|
|
|
|
# AUTH_LDAP_SYNC_IS_PERIODIC: True
|
|
|
|
|
# 同步间隔 (单位: 时) (优先)
|
|
|
|
|
# AUTH_LDAP_SYNC_INTERVAL: 12
|
|
|
|
|
# Crontab 表达式
|
|
|
|
|
# AUTH_LDAP_SYNC_CRONTAB: * 6 * * *
|
|
|
|
|
#
|
|
|
|
|
# LDAP 用户登录时仅允许在用户列表中的用户执行 LDAP Server 认证
|
|
|
|
|
# AUTH_LDAP_USER_LOGIN_ONLY_IN_USERS: False
|
|
|
|
|
#
|
|
|
|
|
# LDAP 认证时如果日志中出现以下信息将参数设置为 0 (详情参见:https://www.python-ldap.org/en/latest/faq.html)
|
|
|
|
|
# In order to perform this operation a successful bind must be completed on the connection
|
|
|
|
|
# AUTH_LDAP_OPTIONS_OPT_REFERRALS: -1
|
|
|
|
|
|
|
|
|
|
# OTP settings
|
|
|
|
|
# OTP/MFA 配置
|
|
|
|
|
# OTP_VALID_WINDOW: 0
|
|
|
|
|
# OTP_ISSUER_NAME: Jumpserver
|
|
|
|
|
|
|
|
|
|
# Perm show single asset to ungrouped node
|
|
|
|
|
# 是否把未授权节点资产放入到 未分组 节点中
|
|
|
|
|
# PERM_SINGLE_ASSET_TO_UNGROUP_NODE: false
|
|
|
|
|
#
|
|
|
|
|
# 启用定时任务
|
|
|
|
|
# PERIOD_TASK_ENABLE: True
|
|
|
|
|
#
|
|
|
|
|
# 启用二次复合认证配置
|
|
|
|
|
# LOGIN_CONFIRM_ENABLE: False
|
|
|
|
|
#
|
|
|
|
|
# Windows 登录跳过手动输入密码
|
|
|
|
|
# WINDOWS_SKIP_ALL_MANUAL_PASSWORD: False
|
